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METHOD FOR COMBINING TRANSFER FUNCTIONS 
WITH PREDETERMINED KEY CREATION 



5 FIELD OF THE INVENTION 



The invention relates to the protection of digital information. More particularly, the 
invention relates to a method for combining transfer functions v/ith predetermined fcey creation. 



10 CROSS-REFERENCE TO RELATED APPLICATIONS 



This application claims the benefit of U.S. patent application Serial No. OS/587,943, filed 
January 17, 1996, entitled "Method for Stega-Cipher Protection of Computer Code," the entire 
disclosure of which is hereby incorporated by reference. 

BACKGROUND OF THE INVENTION 



Increasingly, commercially valuable information is being created and stored in "digital" 
form. For example, music, photographs and video can all be stored and transmi^ed as a series of 
20 numbers, such as I's and O's. Digital techniques let the original information be recreated in a 

very accurate manner. Unfortunately, digital techniques also let the information be easily copied 
without the information owner's permission. 



Because unauthorized copying is clearly a disincentive to the digital distribution of 
valuable information, it is important to establish responsibility for -copies and derivative copies <)f 
such works. For example, if each authorized digital copy of a popular song is identified with a 
unique number, any unauthorized copy of the song would also contain the number. This would 
allow the owner of the information, such as a song publisher, to investigate who made the 
unauthorized copy. Unfortunately, it is possible that the unique number could be erased or 
altered if it is simply tacked on at the beginning or end of the digital information. 

As will be described, known digital "watermark" techniques give creators and publishers 
of digitized multimedia content localized, secured identification and authentication of that 
content. In considering the various forms of multimedia content, such as "master," stereo. 
National Television Standards Committee (NTSC) video, audio tape or compact disc, tolerance 
of quality will vary with individuals and affect the underlying commercial and aesthetic value of 
the content. For example, if a digital version of a popular song sounds distorted, it will be less 
valuable to users. It is therefore desirable to embed copyright, ownership or purchaser 
information, or some combination of these and related data, into the content in a way that will 
damage the content if the watermark is removed without authorization. 

To achieve these goals, digital watermark systems insert ownership information in a way 
that causes little or no noticeable effects, or "artifacts," in the underlying content signal. For 
example, if a digital watermark js inserted into a digital version of a song, it is important that a 
listener not be bothered by the slight changes introduced by the watermark. It is also important 
for the watermark technique to maximize the encoding level and "location sensitivity" in the 



signal to force damage to the content signal when removal is attempted. Digital watermarks 
address many of these concems, and research in the field has provided extremely robust and 
secure implementations. 

What has been overlooked in many applications described in the art, however*, are 
systems which closely mimic distribution of content as it occurs in the real world. For instance, 
many watermarking systems require the original un-watermarked content signal to enable 
detection or decode operations. These include highly publicized efforts by NEC, Digimarc and 
others. Such techniques are problematic because, in the real world, original master copies reside 
in a rights holders vaults and are not readily available to the public. 

With much activity overly focused on watermark survivability, the security of a digital 
watermark is suspect. Any simple linear operation for encoding information into a signal may be 
used to erase the embedded signal by inverting the process. This is not a difficult task, especially 
when detection software is a plug-in freely available to the public, such as with Digimarc. In 
general, these systems seek to embed cryptographic information, not cryptographically«embed 
information into target media content. 

Other methods embed ownership information that is plainly visible in the media signal, 
such as the method described in US Patent No. 5,530,739 to Braudaway et al. The system 
described in Braudaway protects a digitized image by encoding a visible watermark to deter 
piracy. Such an implementation creates an immediate weakness in securing the embedded 
information because the watermark is plainly visible. Thus, no search for the embedded signal is 
necessary and the watermark can be more easily removed or altered. For example, while 



certainly useful to some rights owners, simply placing the symbol in the digital information 
would only provide limited protection. Removal by adjusting the brightness of the pixels 
forming the would not be difficult with respect to the computational resources required. 

Other relevant prior art includes US Patents No. 4,979,210 and 5,073,925 to Nagata^t al., 
5 which encodes information by modulating an audio signal in the amplitude/time domain. The 

modulations introduced in the Nagata process carry a "copy/don't copy" message, which is easily 
foimd and circumvented by one skilled in the art. The granularity of encoding is fixed by the 
amplitude and frequency modulation limits required to maintain inaudibility. These limits ar€ 
relatively low, making it impractical to encode more information using the Nagata process. 

10 Although US Patent No. 5,66^,018 to Leighton d e scribes a means t o prevent collusion 

attacks in digital watermarks, the disclosed method may not actually provide the security 
described. For-example, in cases where the watermarking technique is linear, the "insertion 
envelope" or "watermarking space" is well-defined and thus susceptible to attacks less 
sophisticated than collusion by unauthorized parties. Over-encoding at the watermarking 

15 encoding level is but one simple attack in such linear implementations. Another consideration 
not made by Leighton is that commercially-valuable content may already exist in a un- 
watermarked form somewhere, easily accessible to potential pirates, gutting the need for any type 
of collusive activity. Digitally signing the embedded signal with preprocessing of watermark 
data is more likely to prevent successful collusion. Furthermore, a "baseline" watermark as 

20 disclosed is quite subjective. It is simply described elsewhere in the art as the "perceptually 
significant" regions of a signal. Making a watermarking function less linear or inverting the 
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insertion of watermarks would seem to provide the same benefit without the additional work 
required to create a "baseline" watermark. Indeed, watermarking algorithms should already be 
capable of defining a target insertion envelope or region without additional steps. What is 
evident is the Leighton patent does not allow for initial prevention of attacks on an embedded 
5 watermark as the content is visibly or audibly unchanged. 

It is also important that any method for providing security also function with broadcasting 
media over networks such as the Internet, which is also referred to as "streaming." Commercial 
"plug-in" products such as RealAudio and RealVideo, as well as applications by vendors 
VDONet and Xtreme, are common in such network environments. Most digital watermark 

10 implementations focus on common file base signals and fail to anticipate the security of streamed 
signals. It is desirable that any protection scheme be able to function with a plug-in player 
without advanced knowledge of the encoded media stream. 

Other technologies focus solely on file-based security. These technologies illustrate the 
varying applications for security that must be evaluated for different media and distribution 

1 5 environments. Use of cryptolopes or cryptographic containers, as proposed by IBM in its 
Cryptolope product, and InterTrust, as described in U.S. Patents No. 4,827,508, 4,977,594, 
5,050,213 and 5,410,598, may discourage certain forms of piracy. Cryptographic containers, 
however, require a user to subscribe to particular decryption software to decrypt data. IBM's 
InfoMarket and InterTrust's DigiBox, among other implementations, provide a generalized 

20 model and need proprietary architecture to function. Every user must have a subscription or 

registration with the party which encrypts the data. Again, as a form of general encryption, the 
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data is scrambled or encrypted without regard to the media and its formatting. Finally, control 
over copyrights or other neighboring rights is left with the implementing party, in this case, IBM, 
InterTrust or a similar provider. 

Methods similar to these "trusted systems" exist, and Cerberus Central Limited and 
5 Liquid Audio, among a number of companies, offer systems which may functionally be thought 
of as subsets of IBM and InterTrust's more generalized security offerings. Both Cerberus and 
Liquid Audio propose proprietary player software which is registered to the user and "locked" in 
a manner parallel to the locking of content that is distributed via a cryptographic container. The 
economic trade-off in this model is that users are required to use each respective companies' 

10 proprietary player to play or otherwise manipulate content that is downloaded. If, as is the case 
presently, most music or other media is not available via these proprietary players and more 
companies propose non-compatible player formats, the proliferation of players will continue. 
Cerberus and Liquid Audio also by way of extension of their architectures provide for "near-CD 
quality" but proprietary compression. This requirement stems from the necessity not to allow 

1 5 content that has near-identical data make-up to an existing consumer electronic standard, in 

Cerberus and Liquid Audio's case the so-called Red Book audio CD standard of 16 bit 44.1 kHz, 
so that comparisons with the proprietary file may not yield how the player is secured. 
Knowledge of the player's file format renders its security ineffective as a file may be replicated 
and played on any common player, not the intended proprietary player of the provider of 

20 previously secured and uniquely formatted content. This is the parallel weakness to public k^ey 
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crypto-systems which have gutted security if enough plain text and cipher text comparisons 
enable a pirate to determine the user's private key. 

Many approaches to digital watermarking leave detection and decoding control with the 
implementing party of the digital watermark, not the creator of the work to be protected. A set of 
5 secure digital watermark implementations address this fundamental control issue forining the 
basis of key-based approaches. These are covered by the following patents and pending 
applications, the entire disclosures of which are hereby incorporated by reference: US Patent No. 
5,613, 004 entitled "Steganographic Method and Device" and its derivative US patent application 
Serial No. 08/775,216, US patent application Serial No. 08/587,944 entitled "Human Assisted 

10 Random Key Generation and Application for Digital Watermark System," US Patent Application 
Serial No. 08/587,943 entitled "Method for Stega-Cipher Protection of Computer Code," US 
patent application Serial No. 08/677,435 entitled "Optimization Methods for the Insertion, 
Protection, and Detection of Digital Watermarks in Digitized Data," and US Patent Application 
Serial No. 08/772,222 entitled "Z-Transform Implementation of Digital Watermarks." Public 

15 key crypto-systems are described in US Patents No. 4,200,770, 4,218,582, 4,405,829 and 
4,424,414, the entire disclosures of which are also hereby incorporated by reference. 

In particular, an improved protection scheme is described in "Method for Stega-Cipher 
Protection of Computer Code," US patent application Serial No. 08/587,943. This technique 
uses the key-based insertion of binary executable computer code within a content signal that is 

20 subsequently, and necessarily, used to play or otherwise manipulate the signal in which it is 
encoded. With this system, however, certain computational requirements, such as one digital 
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player per digital copy of content, may be necessitated. For instance, a consumer may dovmload 
many copies of watermarked content. With this technique, the user would also be downloading 
as many copies of the digital player program. While this form of security may be desirable for 
some applications, it is not appropriate in many circumstances. 

Finally, even when digital information is distributed in encoded form, it may be desirable 
to allow unauthorized users to play the information with a digital player, perhaps with a reduced 
level of quality. For example, a popular song may be encoded and freely distributed in encoded 
form to the public. The public, perhaps using commonly available plug-in digital players, could 
play the encoded content and hear the music in some degraded form. The music may -sound 
choppy, or fuzzy or be degraded in some other way. This lets the public decide, based on the 
available lower quality version of the song, if they want to purchase a key from the publisher to 
decode, or "clean-up," the content. Similar approaches could be used to distribute blurry pictures 
or low quality video. Or even "degraded" text, in the sense that only authenticated portions of 
the text can be determined with the predetermined key or a validated digital signature for the 
intended message. 

In view of the foregoing, it can be appreciated that a substantial need exists for a method 
allowing encoded content to be played, with degraded quality, by a plug-in digital player, and 
solving the other problems discussed above. 
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SUMMARY OF THE INVENTION 



The disadvantages of the art are alleviated to a great extent by a method for combining 
transfer functions vnth predetermined key creation. In one embodiment, digital information, 
including a digital sample and format information, is protected by identifying and encoding a 
portion of the format information. Encoded digital information, including the digital sample and 
the encoded format information, is generated to protect the original digital information. 

In another embodiment, a digital signal, including digital samples in a file fomiat having 
an inherent granularity, is protected by creating a predetermined key. The predetermined key is 
comprised of a transfer function-based mask set to manipulate data at the inherent granularity of 
the file format of the underlying digitized samples. 

With these and other advantages and features of the invention that will become 
hereinafter apparent, the nature of the invention may be more clearly understood by reference to 
the following detailed description of the invention, the appended claims and to the several 
drawings attached herein. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block flow diagram of a method for copy protection or authentication of 
digital information according to an embodiment of the present invention. 
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DETAILED DESCRIPTION 



In accordance with an embodiment of the present invention, a method combines transfer 
functions with predetermined key creation. Increased security is achieved in the method by 
combining elements of "public-key steganography" with cryptographic protocols, which keep 
in-transit data secure by scrambling the data with "keys" in a manner that is not apparent to those 
with access to the content to be distributed. Because different forms of randomness are 
combined to offer robust, distributed security, the present invention addresses an architectural 
"gray space" between two important areas of security: digital watermarks, a subset of the mor-e 
general art of steganography, and cryptography. One form of randomness exists in the mask sets 
that are randomly created to map watermark data into an otherwise unrelated digital signal. The 
second forrn of j-andomness is the random permutations of data formats used with digital players 
to manipulate the content with the predetermined keys. These forms can be thought of as the 
transfer function versus the mapping function inherent to digital watermarking processes. 

According to an embodiment of the present invention, a predetermined, or randomly 
generated, key is used to scramble digital information in a way that is unlike known "digital 
watermark" techniques and public key crypto-systems. As used herein, a key is also referred to 
as a "mask set" which includes one or more random or pseudo-random series of bits. Prior to 
encoding, a mask can be generated by any cryptographically secure random generation process. 
A block cipher, such as a Data Encryption Standard (DES) algorithm, in combination with a 
sufficiently random seed value, such as one created using a Message Digest 5 (MD5) algorithm. 
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emulates a cryptographically secure random bit generator. The keys are saved in a database, 
along with information matching them to the digital signal, for use in descrambling and 
subsequent viewing or playback. Additional file format or transfer property information is 
prepared and made available to the encoder, in a bit addressable manner. As well, any 
5 authenticating function can be combined, such as Digital Signature Standard (DSS) or Secure 
Hash Algorithm (SHA). 

Using the predetermined key comprised of a transfer function-based mask set, the data 
representing the original content is manipulated at the inherent granularity of the file format of 
the underlying digitized samples. Instead of providing, or otherwise distributing, watermariced 
10 content that is not noticeably altered, a partially "scrambled" copy of the content is distributed. 

The key is necessary both to register the sought-after content and to descramble the content into 
its original form. 

The present invention uses methods disclosed in "Method for Stega-Cipher Protection of 
Computer Code," US Patent Application Serial No. 08/587,943, with respect to transfer 

1 5 functions related to the common file formats, such as PICT, TIFF, AiFF, WAV, etc. 

Additionally, in cases where the content has not been altered beyond being encoded with such 
functional data, it is possible for a digital player to still play the content because the file format 
has not been altered. Thus, the encoded content could still be played by a plug-in digital player 
as discrete, digitally sampled signals, watermarked or not. That is, the structure of the file can 

20 remain basically unchanged by the watermarking process, letting common file format based 
players work with the "scrambled" content. 
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For example, the Compact Disc-Digital Audio (CD-DA) foraiat stores audio information 
as a series of frames. Each frame contains a number of digital samples representing, for 
example, music, and a header that contains file format information. As shown in FIG. 1 , 
according to an embodiment of the present invention some of the header information can be 
5 identified and "scrambled" using the predetermined key at steps 1 lOto 130. The music samples 
can remain unchanged. Using this technique, a traditional CD-DA player will be able to play a 
distorted version of the music in the sample. The amount of distortion will depend on the way, 
and extent, that the header, or file format, information has been scrambled, It would also be 
possible to instead scramble some of the digital samples while leaving the header information 

10 alone. In general, the digital signal would be protected by manipulating data at the inherent 

granularity, or "frames," of the CD-DA file format. To decode the information, a predetermined 
key is used before playing the digital information at steps 140 and 150. 

A key-based decoder can act as a "plug-in" digital player of broadcast signal streams 
without foreknowledge of the encoded media stream. - Moreover, the data format orientation is 

1 5 used to partially scramble data in transit to prevent unauthorized descrambled access by decoders 
that lack authorized keys. A distributed key can be used to unscramble the scrambled content 
because a decoder would understand how to process the key. Similar to on-the-fly decryption 
operations, the benefits inherent in this embodiment include the fact that the combination of 
watermarked content security, which is key-based, and the descrambling of the data, can be 

20 performed by the same key which can be a plurality of mask sets. The mask sets may include 
primary, convolution and message delimiter masks with file fomiat data included. 
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The creation of an optimized "envelope" for insertion of watermarks provides the basis of 
much watermark security, but is also a complementary goal of the present invention. The 
predetermined or random key that is generated is not only an essential map to access the hidden 
information signal, but is also the descrambler of the previously scrambled signal's format for 
playback or viewing. 

In a system requiring keys for watermarking content and validating the distribution of the 
content, different keys may be used to encode different information while secure one way hash 
functions or one-time pads may be incorporated to secure the embedded signal. The same keys 
can be used to later validate the embedded digital signature, or even fully decode the digital 
watermark if desired. Publishers can easily stipulate that content not only be digitally 
watermarked but that distributors must check the validity of the watermarks by perfonning 
digital signature-checks with keys that lack any other functionality. The system can extend to 
simple authentication of text in other embodiments. 

Before such a market is economically feasible, there are other methods for deploying 
key-based watermarking coupled with transfer ftinctions to partially scramble the content to be 
distributed without performing full public key encryption, i.e., a key pair is not necessarily 
generated, simply, a predetermined key's function is created to re-map the data of the content file 
in a lossless process. Moreover, the scrambling performed by the present invention may be more 
dependent on the file in question. Dissimilarly, encryption is not specific to any particular media 
but is performed on data. The file format remains unchanged, rendering the file useable by any 
conventional viewer/player, but the signal quality can be intentionally degraded in the absence of 
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the proper player and key. Public-key encryption seeks to completely obscure the sensitive 
"plaintext" to prevent coniparisons with the "ciphertext" to determine a user's private keys. 
Centralized encryption only differs in the utilization of a single key for both encryption and 
decryption making the key even more highly vulnerable to attacks to defeat the -encryption 
5 process. With the present invention, a highly sought after photograph may be hazy to the viewer 
using any number of commonly available, nonproprietary software or hardware, without the 
authorized key. Similarly, a commercially valuable song may sound poor. 

The benefit of some form of cryptography is not lost in the present invention. In fact, 
some piracy can be deterred when the target signal may be known but is clearly being protected 

1 0 through scrambling. What is not anticipated by known techniques, is an ala carte method to 

change various aspects of file formatting to enable various "scrambled states" for content to be 
subsequently distributed. An image may lack all red pixels or may not have any of the most 
significant bits activated. An audio sample can similarly be scrambled to render it 
less-than-commercially viable. 

15 The present invention also provides improvements over known netwoiic-based methods, 

such as those used for the streaming of media data over the Internet. By manipulating file 
formats, the broadcast media, which has been altered to "fit" within electronic distribution 
parameters, such as bandwidth availability and error correction considerations, can be more 
effectively utilized to restrict the subsequent use of the content while in transit as well as 

20 real-time viewing or playing. 
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The mask set providing the transfer function can be read on a per-use basis by issuing an 
authorized or authenticating "key" for descrambling the signal that is apparent to a viewer or a 
player or possessor of the authenticating key. The mask set can be read on a per-computer basis 
by issuing the authorized key that is more generalized for the computer that receives the 
broadcast signals. Metering and subscription models become viable advantages over known 
digital watermark systems which assist in designating the ownership of a copy of digitized media 
content, but do not prevent or restrict the copying or manipulation of the sampled signal in 
question. For broadcast or streamed media, this is especially the case. Message authentication is 
also possible, though not guaranteeing the same security as an encrypted file as wifli general 
crypto systems. 

The present invention thus benefits from the proprietary player model without relying on 
proprietary players. No new players will be necessary and existing multimedia file formats can 
be altered to exact a measure of security which is further increased when coupled with digital 
watermarks. As with most consumer markets for media content, predominant file formats exist, 
de facto, and corresponding formats for computers likewise exist. For a commercial compact 
disc quality audio recording, or 16 bit 44.1 kHz, corresponding file formats include: Audio 
Interchange File Format (AIFF), Microsoft WAV, Sound Designer II, Sun's .au, Apple's 
Quicklime, etc. For still image media, formats are similarly abundant: TIFF, PICT, JPEG, -GIF, 
etc. Requiring the use of additional proprietary players, and their complementary file formats, 
for limited benefits in security is wasteftal. Moreover, almost all computers today are 
multimedia-capable, and this is increasingly so with the popularity of Intel's MMX chip 
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architecture and the PowerPC line of microchips. Because file formatting is fundamental in the 
playback of the underlying data, the predetermined key can act both as a map, for information to 
be encoded as watermark data regarding ownership, and a descrambler of the file that has been 
distributed. Limitations will only exist in how large the key must be retrofitted for a given 
application, but any manipulation of file format information is not likely to exceed the size of 
data required versus that for an entire proprietary player. 

As with previous disclosures by the inventor on digital watermarking techniques, the 
present invention may be implemented with a variety of cryptographic protocols to increase both 
confidence and security in the imderlying system. A predetermined key is described as a set of 
masks. These masks may include primary, convolution and message delimiter mask. In 
previous disclosures, the functionality of these masks is defined solely for mapping. The present 
invention includes a mask set which is also controlled by the distributing party of a copy of a 
given media signal. This mask set is a transfer function which is limited only by the parameters 
of the file format in question. To increase the uniqueness or security of each key used to 
scramble a given media file copy, a secure one way hash function can be used subsequent to 
transfer properties that are initiated to prevent the forging of a particular key. Public and private 
keys may be used as key pairs to further increase the unlikeliness that a key may be 
compromised. 

These same cryptographic protocols can be combined with the embodirnents of the 
present invention in administering streamed content that requires authorized keys to correctly 
display or play the streamed content in an unscrambled manner. As with digital watermarking, 
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symmetric or asymmetric public key pairs may be used in a variety of implementations. 
Additionally, the need for certification authorities to maintain authentic key-pairs becomes a 
consideration for greater security beyond symmetric key implementations. The cryptographic 
protocols makes possible, as well, a message of text to be authenticated by a message 
authenticating function in a general computing device that is able to ensure secure message 
exchanges between authorizing parties. 

Although various embodiments are specifically illustrated and described herein, it will be 
appreciated that modifications and variations of the present invention are covered by the above 
teachings and within the purview of the appended claims without departing from the spirit and 
intended scope of the invention. 
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